
Intrusion Signatures and Analysis




  • Your Price: $31.99
  • List Price: $39.99



  • Already in use in professional training organizations.
    • Used by the SANS Institute to train its intrusion analysts, this book is also well suited to self-study: each chapter ends with review questions that cover the traces and signatures presented.

  • Web extensible.
    • A companion website supplies updates to the traces and signatures, extending the useful life of the book and making it a reference students can keep using after the course.

  • Written by industry experts.
    • Stephen Northcutt led the Department of Defense's Shadow Intrusion Detection Team for two years and was the Chief for Information Warfare at the Ballistic Missile Defense Organization.


  • Copyright 2001
  • Dimensions: 7" x 9"
  • Pages: 448
  • Edition: 1st
  • Book
  • ISBN-10: 0-7357-1063-5
  • ISBN-13: 978-0-7357-1063-4

Intrusion Signatures and Analysis opens with an introduction to the log formats of some of the more common sensors, followed by a tutorial on the structured format used for the signatures and analyses throughout the book. After a challenging four-chapter review, the reader finds page after page of signatures, organized by category. The content then moves into reactions and responses, showing that what you see in a trace isn't always what is actually happening, and how analysts can lose time chasing false positives. Also included is a section on the attacks that shut down the networks and web sites of Yahoo and eBay, and what those attacks looked like in the traces. Review questions with answers appear throughout the book so readers can confirm they understand the traces and material covered.


Table of Contents

 1. Reading Log Formats.

 2. Introduction to the Practicals.

 3. The Ten Most Critical Internet Security Threats, Part 1.

 4. The Ten Most Critical Internet Security Threats, Part 2.

 5. Reactions and Responses.

 6. Perimeter Logs.

 7. Non-Malicious Traffic.

 8. Network Mapping.

 9. Scans that Probe Systems for Information.

10. Denial Of Service (DoS)—Resource Starvation.

11. Denial Of Service (DoS)—Bandwidth Consumption.

12. Trojans.

13. Exploits.

14. Buffer Overflows with Content.

15. Fragmentation.

16. False Positives.

17. Out of Spec Packets.

